Articles about Security

Firefox's 'master password' system can be easily bypassed using brute force

If you're a Firefox user, it's highly possible that you use the browser to store your login usernames and passwords for the sake of ease. Supposing you're a little security conscious, you may well have enabled the 'master password' function to prevent unauthorized access to your password database.

Well, there's a little bad news. It's nowhere near as secure as you may have thought. Wladimir Palant -- the guy behind the AdBlock Plus extension -- found that the system, which is used by both Firefox and Thunderbird, can be very easily brute-forced, leaving passwords vulnerable to malware and hackers.

Picking through the haystack -- the role of AI in cyber security [Q&A]

Over the past year or so the idea of using artificial intelligence as an aid to cyber security has gained a lot of support.

But what role do AI and machine learning have, and what will the future of security look like when they are in widespread use? We spoke to Gene Stevens, co-founder and CTO of network security company ProtectWise, to find out.

Force Windows 7 security updates even if you don't have antivirus software installed

Compatibility issues with patches for the Meltdown and Spectre vulnerabilities saw Microsoft blocking the rollout of security updates to Windows users. The company has just changed its policy for Windows 10 users, but this does not help anyone running Windows 7 or 8.x.

The problem is that updates are blocked for people who have not installed antivirus software known to be fully compatible. When such software is installed, a registry entry is created, and this allows updates to be installed. If you've decided to run the risk of operating without antivirus software installed, this registry entry won't be created and you won't receive security updates. Unless you hack it, that is.

How cyber criminals launder their gains

The proceeds of cyber crime make up an estimated eight to 10 percent of total illegal profits laundered globally each year, amounting to an estimated $80-$200 billion.

This is among the findings of a new report, commissioned by virtualization-based security company Bromium, into the economics of cyber crime and how criminals launder and 'cash out' the profits of their endeavors.

US says Russia launched a cyberattack on its energy grid

The US has introduced new sanctions against Russia after accusing the country not only of interfering in the 2016 election, but also launching a cyberattack on its energy grid.

Officials say that malware traced back to Moscow had been found to have infected operating systems on computers belonging to companies in the energy sector. The Department of Homeland Security is in no doubt that the Russian government is responsible.

Netskope brings continuous assessment and monitoring to IaaS security

Cloud access security specialist Netskope is launching an expansion of its Infrastructure as a Service security offering to add continuous security assessment and monitoring capabilities.

With this release, customers can use Netskope for IaaS to continuously assess their infrastructure-as-a-service (IaaS) and platform-as-a-service (PaaS) configuration in AWS, with Microsoft Azure to follow soon.

Microsoft launches bounty program for speculative execution side channel vulnerabilities

Microsoft has launched a bug bounty program that will reward anyone who finds the next Meltdown or Spectre vulnerability. Flaws of this kind are known as speculative execution side channel vulnerabilities, and Microsoft is willing to reward anyone who reports bugs that could cause problems like those seen earlier in the year.

The rewards on offer range from $5,000 up to $250,000 depending on the severity of the vulnerability, and the bounty program runs until the end of 2018. Microsoft says that it will operate under the principles of coordinated vulnerability disclosure.

Privacy: Hotspot Shield, PureVPN, and ZenMate found to leak sensitive data

VPN tools have been in the headlines recently. Firstly, Facebook's Onavo VPN was found to be gathering user data, and then McAfee snapped up VPN firm TunnelBear. Now for users of Hotspot Shield, PureVPN and ZenMate, there's a warning: sensitive data such as your real IP address may be leaked.

A VPN company with a strong interest in privacy, vpnMentor, commissioned research into the three well-known tools, and problems were found in all of them. The developers were notified, but only Hotspot Shield has addressed the problems that were found.

Microsoft removes AV compatibility requirements for Windows 10 security updates

In the fallout from the revelations about the Spectre and Meltdown vulnerabilities -- and the ensuing chaos relating to patches for the security problems -- Microsoft blocked security updates for Windows 10 users with antivirus software whose compatibility with patches was not known.

Two months after making this decision, Microsoft has changed course and said that updates can roll out to everyone once again. The company says this is a result of working with antivirus partners and patches should no longer lead to problems in most cases.

SAP CRM servers vulnerable to online attack

Researchers at cyber security platform ERPScan have disclosed details of two vulnerabilities that allow compromise of the widely used SAP CRM system.

Businesses consider CRM one of their most critical assets. A data breach of a CRM system can be disastrous, as it can destroy trust in the business and severely tarnish the brand, as well as raise compliance issues.

Misconfigured security measure leads DDoS amplification attacks to soar at end of 2017

DDoS attacks using domain name server (DNS) amplification increased more than 357 percent in the fourth quarter of 2017 compared to the previous year.

A new report by protection specialist Nexusguard attributes the rise to the use of Domain Name System Security Extensions (DNSSEC), a technology that's intended to add integrity and security to the DNS protocol.

Passwords are stronger in Minneapolis

New research reveals the US cities that are best at password security, with Minneapolis topping the list.

The study by password manager Dashlane scores cities based on several metrics, including average password strength and average number of reused passwords.

Critical vulnerability found in Windows Remote Desktop Protocol

Researchers at threat prevention specialist Preempt have discovered a flaw in the Credential Security Support Provider protocol (CredSSP), which is used by Remote Desktop and WinRM in their authentication processes.

An attacker with man-in-the-middle control over the session could use this to gain the ability to remotely run code on the compromised server masquerading as a legitimate user.

Many smart devices can be hacked in 30 minutes

Off-the-shelf smart devices that include baby monitors, home security cameras, doorbells, and thermostats can be easily hacked, according to researchers at Israel's Ben-Gurion University of the Negev (BGU).

As part of their ongoing research into detecting vulnerabilities in devices and networks expanding in the smart home and Internet of Things (IoT), the BGU researchers disassembled and reverse engineered many common devices and quickly uncovered serious security issues.

IMF chief wants to regulate the 'dark side of the crypto world' with blockchain and AI

Christine Lagarde, the head of the International Monetary Fund (IMF), has said that the blockchain technology behind cryptocurrencies could also be used to regulate them. She suggests that the IMF "fight fire with fire" in trying to address the "dark side of the crypto world."

While acknowledging the potential for the technology behind crypto-assets as being massively empowering -- particularly as a way to provide low-cost payment methods in poorer countries -- she says that cryptocurrencies also need regulation to avoid problems such as money laundering and funding terrorism.

© 1998-2026 BetaNews, Inc. All Rights Reserved.